Fixes gallifrey DHCP config.

Removes old sysupdate utility.

README.md

@@ -0,0 +1,19 @@
+# Geeky Gays Server NixOS Configs
+
+To update using latest pushed config:
+
+```bash
+sudo nix flake lock nixconf
+sudo nixos-rebuild boot --flake nixconf
+sudo reboot
+```
+
+To test an update that hasn't been pushed:
+
+```bash
+# Seriously, make a commit first!
+# Even a temporary one that will be ammended before pushing.
+git commit -a
+sudo nixos-rebuild boot --flake .
+sudo reboot
+```

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1705890365,
-        "narHash": "sha256-MObB+fipA/2Ai3uMuNouxcwz0cqvELPpJ+hfnhSaUeA=",
+        "lastModified": 1708910350,
+        "narHash": "sha256-cTuJVlOm05aQFIgGuYikgkrI61P2vTO2OfXwIRWEzUg=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "9fcdf3375e01e2938a49df103af9fd21bd0f89d9",
+        "rev": "a13f36255cf4ce99cc4236a34251c2e7106e101d",
         "type": "github"
       },
       "original": {
@@ -79,11 +79,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1705879479,
-        "narHash": "sha256-ZIohbyly1KOe+8I3gdyNKgVN/oifKdmeI0DzMfytbtg=",
+        "lastModified": 1708988456,
+        "narHash": "sha256-RCz7Xe64tN2zgWk+MVHkzg224znwqknJ1RnB7rVqUWw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2d47379ad591bcb14ca95a90b6964b8305f6c913",
+        "rev": "1d085ea4444d26aa52297758b333b449b2aa6fca",
         "type": "github"
       },
       "original": {
@@ -94,11 +94,11 @@
     },
     "nixlib": {
       "locked": {
-        "lastModified": 1693701915,
-        "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=",
+        "lastModified": 1708821942,
+        "narHash": "sha256-jd+E1SD59qty65pwqad2mftzkT6vW5nNFWVuvayh4Zw=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25",
+        "rev": "479831ed8b3c9c7b80533999f880c7d0bf6a491b",
         "type": "github"
       },
       "original": {
@@ -115,11 +115,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1707405218,
-        "narHash": "sha256-ZQ366Oo8WJbCqXAZET7N0Sz6RQ3G2IbqVtxQRSa3SXc=",
+        "lastModified": 1708940320,
+        "narHash": "sha256-QOWRJlqT5FRESiaO42/QV/GbSRNKSa4XUDs3cNQsoWI=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "843e2f04c716092797ffa4ce14c446adce2f09ef",
+        "rev": "5b7772406956f95e8a0e1f27218b1e7cf6e9164a",
         "type": "github"
       },
       "original": {
@@ -130,11 +130,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1705856552,
-        "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
+        "lastModified": 1708984720,
+        "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
+        "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538",
         "type": "github"
       },
       "original": {

modules/nixos/core/default.nix

@@ -0,0 +1,106 @@
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}:
+
+{
+  imports = [
+    ./users.nix
+  ];
+
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  # Inserts flake.nix shim on install.
+  environment.etc."nixos/flake.nix" = {
+    source = "${inputs.self}/templates/shim/flake.nix";
+    mode = "0440";
+  };
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    backupFileExtension = "hm-bak";
+  };
+
+  # Default Programs
+  programs.neovim = {
+    enable = true;
+    defaultEditor = true;
+    viAlias = true;
+    vimAlias = true;
+    configure = {
+      packages.myVimPackage = with pkgs.vimPlugins; {
+        start = [ vim-nix vim-lastplace vim-airline ];
+        opt = [];
+      };
+      customRC = ''
+        " your custom vimrc
+        set nocompatible
+        set backspace=indent,eol,start
+        " Turn on syntax highlighting by default
+        syntax on
+        set mouse=a
+        set number
+        " ...
+      '';
+    };
+  };
+  programs.tmux = {
+    enable = true;
+    escapeTime = 0;
+    clock24 = true;
+    extraConfig = ''
+      bind - split-window -h -c "#{pane_current_path}"
+      bind | split-window -v -c "#{pane_current_path}"
+      unbind '"'
+      unbind %
+
+      bind -n M-Left select-pane -L
+      bind -n M-Right select-pane -R
+      bind -n M-Up select-pane -U
+      bind -n M-Down select-pane -D
+    '';
+  };
+  environment.systemPackages = with pkgs; [
+    nvd nixpkgs-fmt nix-output-monitor
+    coreutils mime-types file
+    usbutils pciutils gitFull
+  ];
+
+  nix = let
+    users = [ "root" ] ++ config.gg.users.admins;
+  in
+  {
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 30d";
+      dates = "weekly";
+    };
+
+    settings = {
+      allowed-users = users;
+      auto-optimise-store = true;
+      experimental-features = [ "nix-command" "flakes" ];
+      http-connections = 50;
+      keep-derivations = true;
+      keep-outputs = true;
+      log-lines = 50;
+      trusted-users = users;
+      warn-dirty = false;
+    };
+
+    registry = {
+      nixpkgs.flake = inputs.nixpkgs;
+      nixconf.to = {
+        type = "git";
+        url = "https://git.solarpunk.moe/geekygays/nixconf";
+      };
+    };
+    nixPath = [
+      "nixpkgs=flake:nixpkgs"
+      "nixconf=flake:nixconf"
+    ];
+  };
+}

modules/nixos/core/users.nix

@@ -0,0 +1,45 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+let
+  inherit (lib) types;
+  genUsers = users: f: builtins.listToAttrs (map (user: {
+    name = user;
+    value = (f user);
+  }) users);
+in {
+  options.gg.users = {
+    admins = lib.mkOption {
+      type = (types.listOf types.str);
+      default = [ "mtxyz" "hive" ];
+    };
+    friend = lib.mkOption {
+      type = types.bool;
+      default = false;
+    };
+  };
+
+  config = {
+    # Users
+    programs.fish.enable = true;
+    users.defaultUserShell = pkgs.fish;
+
+    users.users = (genUsers config.gg.users.admins (name: {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+      openssh.authorizedKeys.keyFiles = [
+        "${inputs.self}/pubkeys/${name}.keys"
+      ];
+      initialPassword = "";
+    })) // {
+      friends = lib.mkIf config.gg.users.friend {
+        isNormalUser = true;
+        initialPassword = "";
+      };
+    };
+  };
+}

packages/sysupdate/default.nix

@@ -1,28 +0,0 @@
-{
-  pkgs,
-  ...
-}:
-
-pkgs.writeShellApplication {
-  name = "sysupdate";
-
-  runtimeInputs = with pkgs; [
-    nix-output-monitor nixos-rebuild home-manager
-  ];
-
-  text = ''
-    NIXCONF="''${NIXCONF:-/etc/nixos}"
-    echo Building config from flake at: "$NIXCONF" 1>&2
-    if [[ "''${1:-}" == "home" ]]; then
-      home-manager switch -L --flake "$NIXCONF" |& nom
-      exit $?
-    fi
-    if [ "$EUID" -ne 0 ]; then
-      echo Please rerun as root. 1>&2
-      exit 1
-    else
-      nixos-rebuild switch --log-format internal-json -v --flake "$NIXCONF" |& nom --json && \
-      exit $?
-    fi
-  '';
-}

systems/x86_64-iso/cmb/default.nix

@@ -1,7 +1,9 @@
 {
-  inputs,
+  config,
   pkgs,
+  inputs,
   modulesPath,
+  lib,
   ...
 }:
 
@@ -10,35 +12,13 @@
     "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
   ];
 
-  isoImage.isoBaseName = "nixos-gg-cmb";
+  # Localization
+  time.timeZone = "Etc/UTC";
+
+  isoImage.isoName = lib.mkForce "nixos-gg-cmb.iso";
 
   boot.kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
 
-  nix = {
-    registry = {
-      nixpkgs.flake = inputs.nixpkgs;
-      nixconf.to = {
-        type = "git";
-        url = "https://codeberg.org/geekygays/srv-nixconf";
-      };
-    };
-    nixPath = [ 
-      "nixpkgs=flake:nixpkgs"
-      "nixos-config=flake:nixconf"
-    ];
-    settings = {
-      trusted-users = [ "root" "@wheel" ];
-      experimental-features = [ "nix-command" "flakes" ];
-      log-lines = 30;
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-    coreutils mime-types file
-    usbutils pciutils
-    gitFull tmux
-  ];
-
   # Enable the OpenSSH daemon.
   services.openssh = {
     enable = true;
@@ -51,38 +31,8 @@
   # Shared username is nixos.
   # SSH allows pubkey auth only.
   # Sudo is passwordless once logged in.
-
-  programs.fish.enable = true;
-  users.defaultUserShell = pkgs.fish;
-
   users.users.nixos = {
-    openssh.authorizedKeys.keyFiles = [
-      ./pubkeys/mtxyz.keys
-      ./pubkeys/hive.keys
-    ];
-  };
-
-  # Some nice neovim defaults.
-  programs.neovim = {
-    enable = true;
-    defaultEditor = true;
-    viAlias = true;
-    vimAlias = true;
-    configure = {
-      packages.myVimPackage = with pkgs.vimPlugins; {
-        start = [ vim-nix vim-lastplace vim-airline ];
-        opt = [];
-      };
-      customRC = ''
-       " your custom vimrc
-       set nocompatible
-       set backspace=indent,eol,start
-       " Turn on syntax highlighting by default
-       syntax on
-       set mouse=a
-       set number
-       " ...
-      '';
-    };
+    openssh.authorizedKeys.keyFiles = (map
+      (name: "${inputs.self}/pubkeys/${name}.keys") config.gg.users.admins);
   };
 }

systems/x86_64-iso/cmb/pubkeys/hive.keys

@@ -1 +0,0 @@
-../../../../pubkeys/hive.keys

systems/x86_64-iso/cmb/pubkeys/mtxyz.keys

@@ -1 +0,0 @@
-../../../../pubkeys/mtxyz.keys

systems/x86_64-linux/gallifrey/default.nix

@@ -1,6 +1,5 @@
 {
   pkgs,
-  inputs,
   ...
 }:
 
@@ -55,90 +54,9 @@
     desktopManager.gnome.enable = true;
   };
 
-  environment.systemPackages = with pkgs; [
-    coreutils mime-types file gitFull
-    usbutils pciutils
-  ];
   programs.kdeconnect.enable = true;
   programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;
 
-  programs.neovim = {
-    enable = true;
-    defaultEditor = true;
-    viAlias = true;
-    vimAlias = true;
-    configure = {
-      packages.myVimPackage = with pkgs.vimPlugins; {
-        start = [ vim-nix vim-lastplace vim-airline ];
-        opt = [];
-      };
-      customRC = ''
-        " your custom vimrc
-        set nocompatible
-        set backspace=indent,eol,start
-        " Turn on syntax highlighting by default
-        syntax on
-        set mouse=a
-        set number
-        " ...
-      '';
-    };
-  };
-
-  nix = {
-    settings = {
-      trusted-users = [ "root" "@wheel" ];
-      auto-optimise-store = true;
-      experimental-features = [ "nix-command" "flakes" ];
-      warn-dirty = false;
-      log-lines = 30;
-    };
-    gc = {
-      automatic = true;
-      dates = "monthly";
-    };
-
-    registry = {
-      nixpkgs.flake = inputs.nixpkgs;
-      nixconf.flake = inputs.self;
-    };
-    nixPath = [
-      "nixpkgs=flake:nixpkgs"
-      "nixos-config=flake:nixconf"
-    ];
-  };
-
-  home-manager = {
-    useGlobalPkgs = true;
-    useUserPackages = true;
-    backupFileExtension = "hm-bak";
-  };
-
-  programs.fish.enable = true;
-  users.defaultUserShell = pkgs.fish;
-  users.users = {
-    mtxyz = {
-      isNormalUser = true;
-      extraGroups = [ "wheel" ];
-      openssh.authorizedKeys.keyFiles = [
-        ./pubkeys/mtxyz.keys
-      ];
-      initialPassword = "";
-    };
-    hive = {
-      isNormalUser = true;
-      extraGroups = [ "wheel" ];
-      openssh.authorizedKeys.keyFiles = [
-        ./pubkeys/hive.keys
-      ];
-      initialPassword = "";
-    };
-    friends = {
-      isNormalUser = true;
-      initialPassword = "";
-    };
-  };
-
   boot.binfmt.registrations.appimage = {
     wrapInterpreterInShell = false;
     interpreter = "${pkgs.appimage-run}/bin/appimage-run";

systems/x86_64-linux/gallifrey/hardware.nix

@@ -35,7 +35,6 @@
   ];
 
   networking.interfaces.enp3s0f0.wakeOnLan.enable = true;
-  networking.useDHCP = true;
 
   nixpkgs.hostPlatform = "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = true;

systems/x86_64-linux/gallifrey/pubkeys/hive.keys

@@ -1 +0,0 @@
-../../../../pubkeys/hive.keys

systems/x86_64-linux/gallifrey/pubkeys/mtxyz.keys

@@ -1 +0,0 @@
-../../../../pubkeys/mtxyz.keys

systems/x86_64-linux/pegasi/default.nix

@@ -0,0 +1,23 @@
+{...}:
+
+{
+  imports = [
+    ./hardware.nix
+  ];
+
+  # Localization
+  time.timeZone = "Etc/UTC";
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitEmptyPasswords = false;
+    };
+  };
+  programs.mosh.enable = true;
+
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+}

systems/x86_64-linux/pegasi/disk-config.nix

@@ -0,0 +1,5 @@
+{ ... }:
+{
+  disko.devices = {
+  };
+}

systems/x86_64-linux/pegasi/hardware.nix

@@ -0,0 +1,41 @@
+{
+  config,
+  pkgs,
+  modulesPath,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    ./disk-config.nix
+  ];
+
+  # Bootloader config
+  boot.initrd.availableKernelModules = [
+    "ehci_pci" "ahci" "sd_mod" "sr_mod"
+    "isci" "usb_storage" "usbhid"
+  ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+
+  boot.kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
+
+  boot.loader.grub = {
+    enable = true;
+    device = config.disko.devices.disk.boot.device;
+    configurationLimit = 5;
+  };
+
+  # ZFS Config
+  boot.zfs.forceImportRoot = false;
+  boot.zfs.allowHibernation = true;
+  services.zfs.autoScrub.enable = true;
+
+  # Networking config
+  networking.hostId = "0bdd5f68";
+  networking.useDHCP = true;
+
+  # Hardware config
+  nixpkgs.hostPlatform = "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = true;
+}

systems/x86_64-linux/sol/default.nix

@@ -1,8 +1,4 @@
-{
-  pkgs,
-  inputs,
-  ...
-}:
+{...}:
 
 {
   imports = [
@@ -11,7 +7,6 @@
 
   # Localization
   time.timeZone = "Etc/UTC";
-  i18n.defaultLocale = "en_US.UTF-8";
 
   # Enable the OpenSSH daemon.
   services.openssh = {
@@ -22,93 +17,6 @@
   };
   programs.mosh.enable = true;
 
-  # Users
-  programs.fish.enable = true;
-  users.defaultUserShell = pkgs.fish;
-  users.users = {
-    mtxyz = {
-      isNormalUser = true;
-      extraGroups = [ "wheel" ];
-      openssh.authorizedKeys.keyFiles = [
-        ./pubkeys/mtxyz.keys
-      ];
-      initialPassword = "";
-    };
-    hive = {
-      isNormalUser = true;
-      extraGroups = [ "wheel" ];
-      openssh.authorizedKeys.keyFiles = [
-        ./pubkeys/hive.keys
-      ];
-      initialPassword = "";
-    };
-  };
-
-  home-manager = {
-    useGlobalPkgs = true;
-    useUserPackages = true;
-    backupFileExtension = "hm-bak";
-  };
-
-  # Default Programs
-  programs.neovim = {
-    enable = true;
-    defaultEditor = true;
-    viAlias = true;
-    vimAlias = true;
-    configure = {
-      packages.myVimPackage = with pkgs.vimPlugins; {
-        start = [ vim-nix vim-lastplace vim-airline ];
-        opt = [];
-      };
-      customRC = ''
-        " your custom vimrc
-        set nocompatible
-        set backspace=indent,eol,start
-        " Turn on syntax highlighting by default
-        syntax on
-        set mouse=a
-        set number
-        " ...
-      '';
-    };
-  };
-  environment.systemPackages = with pkgs; [
-    coreutils mime-types file
-    usbutils pciutils
-    gitFull
-  ];
-
-  # Nix config
-  nix = {
-    settings = {
-      trusted-users = [ "root" "@wheel" ];
-      auto-optimise-store = true;
-      experimental-features = [ "nix-command" "flakes" ];
-      warn-dirty = false;
-      log-lines = 30;
-    };
-    gc = {
-      automatic = true;
-      dates = "monthly";
-    };
-
-    registry = {
-      nixpkgs.flake = inputs.nixpkgs;
-      nixconf.flake = inputs.self;
-    };
-    nixPath = [
-      "nixpkgs=flake:nixpkgs"
-      "nixos-config=flake:nixconf"
-    ];
-  };
-
-  # Inserts flake.nix shim on install.
-  environment.etc."nixos/flake.nix" = {
-    source = inputs.self + "/templates/shim/flake.nix";
-    mode = "0440";
-  };
-
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
   system.stateVersion = "23.11"; # Did you read the comment?

systems/x86_64-linux/sol/pubkeys/hive.keys

@@ -1 +0,0 @@
-../../../../pubkeys/hive.keys

systems/x86_64-linux/sol/pubkeys/mtxyz.keys

@@ -1 +0,0 @@
-../../../../pubkeys/mtxyz.keys